
Give option to use the Droplet's own bootloader!

At present it appears (at least for Ubuntu) that the KVM instance for each Droplet is invoked with a kernel & initrd that are external to the Droplet's storage. This means that security updates/upgrades to the kernel from within the Droplet (e.g. *distribution security updates*) are ignored and the Droplet continues to boot with the kernel & initrd from when the Digital Ocean image was created.

1,306 votes
    Chris Wilson shared this idea
    Ananth Surya shared a merged idea: can you please add kernel 4.1.16-040116. I have some software which only works with this. Also can't VMs use grub ??
    Andrew Rembrandt shared a merged idea: Specify custom kernel parameters from control panel
    Bilal shared a merged idea: Members should use own Kernels
    Anonymous shared a merged idea: dear sir I'm working on my Cloudlinux on digitalocean.com i want you to forward this problem to your senior management staffs or CEO to re
    RR shared a merged idea: Centos 6.5 upstream kernel: kernel-2.6.32-431.3.1.el6
    Anonymous shared a merged idea: Archlinux kernel selection
    Anonymous shared a merged idea: New Kernels
    Amko shared a merged idea: Add Centos 5.10 Kernel 2.6.18-371.1.2.el5.go please.
    Joe LeBlanc shared a merged idea: Allow Custom Kernels - would like to have kernels with grsecurity support
    Anonymous shared a merged idea: Add CentOS kernel vmlinuz-2.6.32-358.23.2.el6.x86_64
    Sean shared a merged idea: Debian Linux Kernel 3.10-3
    Lena shared a merged idea: Kernel update for Ubuntu 12.04 LTS
    Matt Thomas shared a merged idea: Add 3.2.0-52-generic kernel support
    Anonymous shared a merged idea: Add another kernel in the list: kernel 2.6.18
    John Doe shared a merged idea: Add latest kernels for Ubuntu 13.04
    Tobias Schwab shared a merged idea: Improve Kernel Management
    Jonathan Tittle shared a merged idea: Allow Custom Kernels
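
A check a Droplet owner could run for the situation this idea describes, as an added example that is not part of the original post or any DigitalOcean tooling: it compares the running kernel release with the kernel images installed in the guest. It assumes images are installed as `/boot/vmlinuz-<release>` and that `sort -V` is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes kernel images are
# installed as /boot/vmlinuz-<release>; function names are hypothetical.

# Print the highest kernel release that has an image in DIR (default /boot).
newest_installed_kernel() {
    dir=${1:-/boot}
    for f in "$dir"/vmlinuz-*; do
        [ -e "$f" ] || continue          # glob matched nothing
        basename "$f" | sed 's/^vmlinuz-//'
    done | sort -V | tail -n 1           # sort -V: version sort (GNU/BusyBox)
}

# Classify the running release RUNNING against the images in DIR:
#   current  - running kernel is the newest one installed
#   stale    - a newer kernel is installed but is not the one running;
#              if this persists after a reboot, the guest's kernel
#              updates are not being used at boot
#   external - the running kernel has no image in DIR at all
#   unknown  - DIR holds no kernel images
kernel_status() {
    running=$1
    dir=${2:-/boot}
    newest=$(newest_installed_kernel "$dir")
    if [ -z "$newest" ]; then
        echo unknown
    elif [ ! -e "$dir/vmlinuz-$running" ]; then
        echo external
    elif [ "$running" = "$newest" ]; then
        echo current
    else
        echo stale
    fi
}

# Report for this machine.
echo "running: $(uname -r)  status: $(kernel_status "$(uname -r)" /boot)"
```

A `stale` result right after installing updates is normal until the next reboot; the condition described in this idea is `stale` (or `external`) that remains after rebooting.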


    I just wanted to provide a quick update to everyone interested in this feature. As you may have noticed, certain Droplets do in fact use their own bootloaders and “internally managed” kernels right now. CoreOS, FreeBSD, Fedora, Ubuntu 15.04 and 15.10, and Debian 8 all do.

    We will keep this request updated as we backport these changes to earlier releases including CentOS and Ubuntu 14.04. With its planned release in April, Ubuntu 16.04 LTS will use its own bootloader as well.



      • Ananth Surya commented

        Btw, I need this for Ubuntu 14.04.3 (shouldn't matter I think)

      • Ananth Surya commented

        I just need a specific kernel version. Ideal would be to give that flexibility to us, the users... looks like grub is not used by the infra at all

      • Andy Sayler commented

        Today's security announcement is yet another reason why relying on DO to provide kernels is bad for DO users (and by proxy, bad for DO): http://arstechnica.com/security/2016/01/linux-bug-imperils-tens-of-millions-of-pcs-servers-and-android-phones/.

        Ubuntu pushed out an updated kernel early this morning (http://www.ubuntu.com/usn/usn-2871-2/), but I'm still waiting on DO to update their list of available kernels - meanwhile my DO VMs remain exposed...

      • Ben commented

        I'm surprised that DO hasn't said anything about progress on this issue - some of the latest images (e.g. the Ubuntu 15.04 image) DO implement internally-managed kernels. The bummer is that it's only good for new droplets. Converting already existing droplets means creating a new droplet and then moving content from the old droplet to the new one. AFAIK (unless it's changed since I found out about this), this has not yet been implemented in the Ubuntu 14.04 (LTS) image. I've got one more droplet to move over (my mail server), and I'll have all my droplets running on the internally-managed kernel.

      • Stef commented

        Really disappointing… :(

      • mc0e commented

        Seriously? 3 years? I've recently put a few of a client's servers on DO. No more.

      • Sean commented

        No, on Fedora 21 you can delete the local kernel/initrd and it still boots...

      • md_5 commented

        CoreOS, FreeBSD and Fedora 21 all use their own bootloaders.... now for this to just become standard. I'll never understand why it was done this way in the first place.

      • Anonymous commented

        When I joined DO, I didn't realize that this was a limitation. Luckily, I only joined recently and haven't fully committed to DO just yet. If this doesn't get implemented soon, I'm afraid I may be forced to go elsewhere. That would be a shame because I've so far been very happy about everything else at DO.

      • Sean commented

        I've finally left for another provider because of this issue. Digital Ocean was stuck on kernel 3.2.60-1+deb7u1 for over two months after Debian released newer versions with SECURITY UPDATES. They only added the new version after I noticed this and opened a support ticket. They didn't even know there were missing updates at the time.

        They are acting very irresponsibly by taking kernel patching upon themselves and then not doing their job. It concerns me that this is probably not the only thing they have neglected -- just the easiest one to see.

      • Gerald commented

        How many more votes does Digital Ocean need to implement this?

      • Monkey Bonkey commented

        I have never had an Arch kernel break on me. The situation here is much worse since we can't patch stuff even when we want to...

      • Luka commented

        ETA on this is NEVER.... Same as for more space per droplet...

      • Justin Jett commented

        1000 votes. What is the ETA for this?

      • d3zorg commented

        much need. do it please :)

      • Max commented

        How has this not been implemented yet? Once again, there are kernel updates that I can't apply because of the DO bootloader.

      • Sean commented

        I just figured I'd mention, because of this problem, there is RIGHT NOW a security update that has been released for Debian that is impossible to install on a DO droplet without kexec trickery. When are you going to fix this???
